Anyone know of any good guides on Perl and Dynamic SQL queries? I'm writing a huge application and I've decided that Dynamic is the best way to go. If anyone knows of any or could offer any help, please let me know.
In Kirsle's example, if $var1 through $var3 are input the user typed in on a form, then use placeholders and prepare the statement first. This will protect you from SQL injection problems.
I don't think that placeholders work for anything other than predicates in the WHERE clause. So I guess it depends on just how 'dynamic' your SQL really is. Normally the table and returned columns are fixed, and it's just the selection criteria that change. If your SQL is more dynamic than that, you might want to revisit your design, as it might be a bit open-ended...
Steve
"Every program can be reduced by one instruction, and every program has at least one bug. Therefore, any program can be reduced to one instruction which doesn't work." (Object:erlDesignPatterns)
Basically, the user is presented with a GUI (Perl/Tk). Each entry box widget is assigned to a variable, so whatever text is typed into the box is assigned to a specific variable just for that box. The SQL query needs to be built off of that each time the user does a query with the GUI. I am brand new to SQL and I have something that "kinda" works right now; I just can't get it to return ONLY what I query. It returns what I query, plus whatever else it feels like returning (which is usually the entire database, thus crashing the app).
I will keep working on it, thanks for your replies, Kirsle and Steve.
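The approach discussed in this thread, as an added example that is not code from any of the posters: the table and returned columns stay fixed, only the WHERE criteria are built from the non-empty form fields, and every value goes through a placeholder. The `contacts` table, its columns, the field names and the use of DBD::SQLite are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Allowlist: form field name => real column name. Identifiers cannot be
# bound as placeholders, so they must come from here, never from input.
my %COLUMN_FOR = (name => 'name', city => 'city', phone => 'phone');

# Build "SELECT ... WHERE col = ? AND ..." from the non-empty form fields.
# Returns the SQL text and the list of values to bind, in matching order.
sub build_query {
    my (%form) = @_;
    my (@where, @bind);
    for my $field (sort keys %form) {
        my $value = $form{$field};
        next unless defined $value && $value =~ /\S/;    # skip empty boxes
        my $column = $COLUMN_FOR{$field}
            or die "unknown search field: $field\n";
        push @where, "$column = ?";
        push @bind,  $value;
    }
    die "no search criteria entered\n" unless @where;    # never select everything
    my $sql = 'SELECT name, city, phone FROM contacts WHERE '
            . join(' AND ', @where);
    return ($sql, @bind);
}

# Constructed sample data in an in-memory SQLite database (hypothetical schema).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE contacts (name TEXT, city TEXT, phone TEXT)');
my $ins = $dbh->prepare('INSERT INTO contacts VALUES (?, ?, ?)');
$ins->execute(@$_) for ['Ann', 'Leeds', '555-0100'],
                       ['Bob', 'Leeds', '555-0101'],
                       ['Cy',  'York',  '555-0102'];

# Constructed form input: one box left empty, one holding quote characters.
for my $form ({ city => 'Leeds', name => '' },
              { name => "x' OR '1'='1" }) {
    my ($sql, @bind) = build_query(%$form);
    my $sth = $dbh->prepare($sql);      # SQL text contains only ? markers
    $sth->execute(@bind);               # values are sent separately as data
    my $rows = $sth->fetchall_arrayref;
    printf "%s  [%s] -> %d row(s)\n", $sql, join(', ', @bind), scalar @$rows;
}
```

Because the bound value is compared as a literal string, the second input is matched against the `name` column as-is instead of changing the query's logic.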